On Mon, 23 Dec 2024 at 15:34, Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx> wrote:
>
> >> nft add rule inet cni-kindnet prerouting dnat to ip daddr . ip protocol . th dport map @hostport-map-v4
> > >
> > Strange, this version does work for me.
> >
> > table inet cni-kindnet {
> >         map hostport-map-v4 {
> >                 type ipv4_addr . inet_proto . inet_service : ipv4_addr . inet_service
> >                 flags interval
> >         }
> >
> >         chain prerouting {
> >                 type nat hook prerouting priority dstnat; policy accept;
> >                 dnat ip to ip daddr . ip protocol . th dport map @hostport-map-v4
> >         }
> > }
>
> Yeah, it works for me too, it seems the difference is the "ip"
> statement after the "dnat" ... "dnat ip to ip daddr ..."
>
> Without that "ip" I can see with strace that it gets " -1 EAGAIN
> (Resource temporarily unavailable)
>
> Thanks for the help

I cannot make it work for IPv6, and tried different combinations:

map hostport-map-v6 {
        type ipv6_addr . inet_proto . inet_service : ipv6_addr . inet_service
        flags interval
}

nft add rule inet cni-kindnet prerouting dnat ip6 to ip6 daddr . meta l4proto . th dport map @hostport-map-v6
Error: transport protocol mapping is only valid after transport protocol match
add rule inet cni-kindnet prerouting dnat ip6 to ip6 daddr . meta l4proto . th dport map @hostport-map-v6
~~~~ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^